Bytefreaks.net – a place for hacks

CentOS

Recently we were trying to compile WireShark from source on a CentOS 7 (64bit) with GTK3 disabled (./configure --disable-gtk3;).

As seen in the truncated logs below we got some errors.
To resolve them we had to install a few packages using yum.
Specifically, our solution involved the installation of the following:

sudo yum install libgcrypt-devel qt5-qttools-devel libpcap-devel -y;

Truncated logs:

...
checking for libgcrypt-config... no
checking for LIBGCRYPT - version >= 1.4.2... no
configure: error: libgcrypt not found; install libgcrypt-devel package for your system
libgcrypt-devel.i686 libgcrypt-devel.x86_64
[[email protected] wireshark-2.4.2]$ sudo yum install libgcrypt-devel -y
checking for lrelease-qt5... no
checking for lrelease... no
configure: error: I couldn't find lrelease-qt5 or lrelease; make sure it's installed and in your path
[[email protected] wireshark-2.4.2]$ sudo yum install qt5-qttools-devel
checking whether to use libpcap for packet capture... yes
checking for pcap-config... no
checking for extraneous pcap header directories... not found
checking pcap.h usability... no
checking pcap.h presence... no
checking for pcap.h... no
configure: error: Header file pcap.h not found; if you installed libpcap
from source, did you also do "make install-incl", and if you installed a
binary package of libpcap, is there also a developer's package of libpcap,
and did you also install that package?
[[email protected] wireshark-2.4.2]$ sudo yum install libpcap-devel
[[email protected] wireshark-2.4.2]$ ./configure --disable-gtk3

This configuration allowed us to provide a DHCP service to the network for the subdomain 192.168.0.x with the range [90,99].
Also, we statically defined the IP for our coolServer using a filter based on the MAC address of the machine.
If you do not want to provide any range, only static IPs, then comment out (#) the line that starts with the word range .

Step 3: Start DHCP service

systemctl start dhcpd.service;

Step 4: Check the status of DHCP service

systemctl status dhcpd.service;

It is a good idea to verify that there are no errors, so be sure to check the status of the service.
You can ignore the error that says “you did not define a subnet declaration for all devices” if you do not really need to do it.

Solution

Background – Explanation of commands

By default, CentOS does not have installed the necessary drivers to mountntfs drives.

sudo yum --enablerepo=extras install epel-release;

To install them, you need to enable the Extra Packages for Enterprise Linux (EPEL).

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.

You can install EPEL by running yum --enablerepo=extras install epel-release. The epel-release package is included in the CentOS Extras repository that is enabled by default. The package includes gpg keys for package signing and repository information. Installing this package for your Enterprise Linux version should allow you to use normal tools such as yum to install packages and their dependencies.

sudo yum install ntfs-3g -y;

After you’ve enabled the repository, you should be able to install the Linux NTFS userspace driver packaged in ntfs-3g. ntfs-3g is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove, rename, move files, directories, hard links, and streams; it can read and write normal and transparently compressed files, including streams and sparse files; it can handle special files like symbolic links, devices, and FIFOs, ACL, extended attributes; moreover it provides full file access right and ownership support.

Following you will find the commands to perform the installation of the LAMP stack (Apache, MySQL, PHP) and phpMyAdmin on a GNU/Linux CentOS 7.
In this guide we kept the information to the bare minimum about what is what.

Installation

To perform the installation, please execute the following as a user with administrative rights:

Configuration of MariaDB (MySQL)

By now, your system should have all necessary packages installed and the services up and running.
Now it is best to configure your MariaDB (MySQL) in a way to disable some test data and test accounts and assign a password to your root user.
Execute the following to do so:

sudo mysql_secure_installation;

This tool will ask you for your current database root password. Since you just installed MariaDB (MySQL) you should not have one, so leave the field empty and press enter.
We recommend to answer with Y (Yes) in all of the security questions of this tool and set a strong password for your root user.

sudo mysql_secure_installation;

Following is the output we got from this tool:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

Configuration of the firewall

Executing the following will enable access to your web-server from the network for http and https.

Location of files / Where to upload your website

In CentOS 7, the directory where the website pages are located is at /var/www/html/.
You can place your html and php code there.

Configuration of phpMyAdmin

phpMyAdmin should be available at http://<IP of the web server>/phpmyadmin
The access to phpMyAdmin is controlled by the Apache Virtual Host File for phpMyAdmin that is found here /etc/httpd/conf.d/phpMyAdmin.conf.
By default, this configuration file only allows access to phpMyAdmin from the localhost (127.0.0.1).
In case you want to access it from another machine, you need to modify this file.
Before doing any changes, make a backup of the original file first:

On a CentOS server we own, we had to disable eth0 from starting at boot time
To do so we needed to modify the file /etc/sysconfig/network-scripts/ifcfg-eth0 and set the value ONBOOT="yes" to ONBOOT="no".

Using you favorite text editor, make this change and restart your machine to verify that the change was successful.

Below is the sample content of /etc/sysconfig/network-scripts/ifcfg-eth0 after the change was applied to prevent eth0 from starting at boot time.

firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. The tool enables network/firewall zones to define the trust level of network connections and/or interfaces. It has support both for IPv4 and IPv6 firewall settings. Also, it supports Ethernet bridges and allow you to separate between runtime and permanent configuration options. Finally, it supports an interface for services or applications to add firewall rules directly.

Disable firewalld

To disable firewalld, execute the following command as root or using sudo:

systemctl disable firewalld

Enable firewalld

To enable firewalld, execute the following command as root or using sudo:

systemctl enable firewalld

Stop firewalld

To stop (or deactivate) firewalld,execute the following command as root or using sudo:

systemctl stop firewalld

Start firewalld

To start (or activate) firewalld, execute the following command as root or using sudo:

systemctl start firewalld

Status of firewalld

To check the status of firewalld, execute the following command as root or using sudo:

systemctl status firewalld

CONCEPTS

systemd provides a dependency system between various entities called “units” of 12 different types. Units encapsulate various objects that are relevant for system boot-up and maintenance. The majority of units are configured in unit configuration files, whose syntax and basic set of options is described in systemd.unit(5), however some are created automatically from other configuration, dynamically from system state or programmatically at runtime. Units may be “active” (meaning started, bound, plugged in, …, depending on the unit type, see below), or “inactive” (meaning stopped, unbound, unplugged, …), as well as in the process of being activated or deactivated, i.e. between the two states (these states are called “activating”, “deactivating”). A special “failed” state is available as well, which is very similar to “inactive” and is entered when the service failed in some way (process returned error code on exit, or crashed, or an operation timed out). If this state is entered, the cause will be logged, for later reference. Note that the various unit types may have a number of additional substates, which are mapped to the five generalized unit states described here. — From man systemd

The above, in a nutshell:

enabled is a service that is configured to start when the system boots

disabled is a service that is configured to not start when the system boots

active is a service that is currently running

inactive is a service that is currently stopped and may be disabled, but it can be started and become active

Apparently, sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key; failed silently and it did not import the key.

To verify, we executed rpm -qa gpg-pubkey* to display a list of all keys installed for RPM verification. From that list we wanted to see if any of the keys was the one needed by jenkins which should end with the value d50582e6. Since none of them matched, we tried to manually re-import it which failed again.

Our Solution

Our solution, although ugly, was to disable PGP verification in the file /etc/yum.repos.d/jenkins.repo.

Once we got the OS started, we executed yum update -y to update all installed packages that were older than the versions in the repositories.
After the update process was complete, we then tried to install terminator using yum.